On a recent scan of our network, we saw ICMP echo requests coming in with the ICMP code set to 255. As it's normally supposed to be set to zero (and I can't recall ever having seen a non-zero code on an echo request), I'm assuming that this was some sort of constructed packet. Anyone else seen this before? Of course, it's possible it's some sort of new DoS attack, though we didn't have any reports of machines crashing because of it. -Larry --- E. Larry Lidz Phone: (773)702-2208 Sr. Network Security Officer Fax: (773)702-0559 Network Security Center, The University of Chicago PGP: http://security.uchicago.edu/centerinfo/pgpkeys.shtml
This archive was generated by hypermail 2b30 : Thu May 24 2001 - 13:11:53 PDT